fmpros Posted June 14, 2010 Share Posted June 14, 2010 Hi Folks, I'm working on a PHP project that is basically a timed quiz. I'm using one self submitting form to process all questions for a given quiz, one question at a time. Each question is essentially an essay and is displayed/timed one at a time. Everything is working great however, the back button allows users to resubmit a question. My attempts at preventing this have been unsuccessful. Man, any help would be so appreciated. I've got a client breathing down my neck. Here is the code: <?php if(!session_id()) session_start(); require_once('include/db.inc.php'); require_once('include/auth.php'); if($_GET['new'] == 'true'){ // A $appDefRecID = '26'; //Static Value $appDefRecord = $uuDB->getRecordById('php_appdefinition', 26); $test = $_GET['id']; $appDefID = $appDefRecord->getField('__kp_AppDefinitionID'); $title = $appDefRecord->getField('Title'); $description = html_entity_decode(nl2br($appDefRecord->getField('Description_css'))); $instructions = html_entity_decode(nl2br($appDefRecord->getField('Instructions_css'))); $newAppCmd = $uuDB->newAddCommand('php_application'); $newAppCmd->setField('_kf_AppDefinitionID',$appDefID); $newAppCmd->setField('_kf_UserID',$_SESSION['userid']); $newApp = $newAppCmd->execute(); $newAppRec = current($newApp->getRecords()); $appRecID = $newAppRec->getRecordId(); $appID = $newAppRec->getField('__kp_ApplicationID'); $newPerformScript = $uuDB->newPerformScriptCommand('php_application', 'php_createApp', $appID); $scriptResult = $newPerformScript->execute(); $appRecord = $uuDB->getRecordById('php_application', $appRecID); $appQs = $appRecord->getRelatedSet('PHP_FieldValue'); $_SESSION['total'] =count($appQs) ; $_SESSION['appRecID'] = $appRecID; $_SESSION['count'] = 0; $_SESSION['valueRecID'] = $appQs[$_SESSION['count']]->getField('z_RecID'); $_SESSION['vRecID'] = array(); $counter = 0; foreach($appQs as $appQ ) { $_SESSION['vRecID'][$counter] = $appQ->getRecordId(); $counter = $counter + 1; } $qRec = $uuDB->getRecordById('php_fieldvalue', $_SESSION['vRecID'][0]); $q = $qRec->getField('FieldLabel'); $javaVar1 = $qRec->getField('FieldTime'); $constant = 1000; $seconds = 60; $javaVar2 = $javaVar1 * $seconds * $constant ; }else{ $_SESSION['count']++; $counter = $_SESSION['count']; if($_SESSION['count'] == $_SESSION['total']){ header('Location: confirmation.php'); exit(); } if (empty($_SESSION['vRecID'][$counter])) { header('Location: error.php'); exit(); } $rec = $uuDB->getRecordById('php_fieldvalue', $_SESSION['vRecID'][$counter-1]); $sub = $rec->getField('SubmitCheck'); if ($rec->getField('SubmitCheck')) { header('Location: error.php'); exit(); } $qRec = $uuDB->getRecordById('php_fieldvalue', $_SESSION['vRecID'][$counter]); $q = $qRec->getField('FieldLabel'); $javaVar1 = $qRec->getField('FieldTime'); $constant = 1000; $seconds = 60; $javaVar2 = $javaVar1 * $seconds * $constant ; $_SESSION['currentAppQid'] = $_SESSION['vRecID'][$counter]; $edit = $uuDB->newEditCommand('php_fieldvalue', $_SESSION['vRecID'][$counter-1] ); $value = $_POST['answer']; $edit->setField('Value', $value ); $edit->setField('SubmitCheck', $_POST['submitCheck']); $edit->execute(); } ?> Quote Link to comment https://forums.phpfreaks.com/topic/204762-self-submitting-form-preventing-resubmit/ Share on other sites More sharing options...
ignace Posted June 14, 2010 Share Posted June 14, 2010 http://en.wikipedia.org/wiki/Post/Redirect/Get Quote Link to comment https://forums.phpfreaks.com/topic/204762-self-submitting-form-preventing-resubmit/#findComment-1072020 Share on other sites More sharing options...
Psycho Posted June 14, 2010 Share Posted June 14, 2010 OK, I understand this problem very well, but find that wikipedia entry confusing. Quite simply, after you have processed the POST/GET data, simply redirect the user to a "success" page (e.g. Thank you for your submission") using "header('Location: success.php');". When the user is redirected to that page, all POST/GET data is lost. So, if the user refreshes the page they will just get a refresh of that page, not the processing page. I hope that didn't make it more confusing. Quote Link to comment https://forums.phpfreaks.com/topic/204762-self-submitting-form-preventing-resubmit/#findComment-1072023 Share on other sites More sharing options...
fmpros Posted June 14, 2010 Author Share Posted June 14, 2010 Thanks for the replies. What I'm really trying to prevent, is the user bypassing the time limits by going back and resubmitting. Even if I created a separate processing page with a redirect, couldn't the user eventually get to the form page by pressing back enough times? The refresh is actually not a problem sine the code automatically pushes the user to the next question upon refresh. Thanks again for the quick replies! Quote Link to comment https://forums.phpfreaks.com/topic/204762-self-submitting-form-preventing-resubmit/#findComment-1072030 Share on other sites More sharing options...
plutomed Posted June 14, 2010 Share Posted June 14, 2010 Could you not use Ajax and change the content of a div. Quote Link to comment https://forums.phpfreaks.com/topic/204762-self-submitting-form-preventing-resubmit/#findComment-1072041 Share on other sites More sharing options...
Psycho Posted June 14, 2010 Share Posted June 14, 2010 Thanks for the replies. What I'm really trying to prevent, is the user bypassing the time limits by going back and resubmitting. Even if I created a separate processing page with a redirect, couldn't the user eventually get to the form page by pressing back enough times? The refresh is actually not a problem sine the code automatically pushes the user to the next question upon refresh. Thanks again for the quick replies! Well, you will need to identify the user in some manner. If this is a system where the user logs in then you will want to store a record in the database that includes the user ID and last submission time. Then whenever a submission is made you will need to check that table to see if enough time has elapsed since the last submission time to allow the new submissions. If this is not a system with known users that log in (i.e. anyone can access the page) then you have some decisions to make. Because it all depends on how fool-proof this needs to be. You can use a cookie to store the last submission time, assuming the user has cookies enabled. This allows the submission to be tracked on a machine by machine basis. But, if you are worried about malicious user's they can disable cookies and/or delete them on each submission. If you don't want to use cookies, you could store a last submission in the database by IP address. BUt, that has drawbacks as well. Users can change/spoof their IP address and it will also cause problems for users that are behind a NAT and are using the same external IP address. Quote Link to comment https://forums.phpfreaks.com/topic/204762-self-submitting-form-preventing-resubmit/#findComment-1072045 Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.